Back to skill
Skillv0.1.0
VirusTotal security
Twitter Web AutoPoster · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:59 AM
- Hash
- 401ff9cc4c614695482aefce8397f714a8ddb124aa371c42906a56a815c55ec2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: twitter-web-autopost Version: 0.1.0 The `SKILL.md` explicitly instructs the OpenClaw agent to post content to Twitter/X without user confirmation if 'full auto' mode is requested. This creates a significant prompt injection vulnerability, allowing an attacker to craft prompts that trick the agent into publishing malicious content (e.g., phishing links, spam, misinformation) on the user's social media account without review. While the skill attempts to mitigate content risks, the 'full auto' instruction bypasses this safeguard, making it a critical flaw that enables potential abuse.
- External report
- View on VirusTotal